887cc8f4 jhb Jan. 4, 2017, 9:13 p.m.
Use the trapframe unwinder recently added for kernel stack overflow
panics for frames crossing MipsKernGenException and MipsKernIntr.
This provides more reliable unwinding across nested interrupts and
exceptions in the kernel.

While here, dump the value of the CAUSE and BADVADDR registers when
crossing a trapframe.

Submitted by:	rwatson (original version)
Obtained from:	CheriBSD
Sponsored by:	DARPA / AFRL
d5e94982 dim Jan. 4, 2017, 8:56 p.m.
85aabebe dim Jan. 4, 2017, 8:42 p.m.
91b95f3d dim Jan. 4, 2017, 8:41 p.m.
4195c7de asomers Jan. 4, 2017, 8:26 p.m.
The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".

This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.

PR:		215474
Reported by:	Coverity
CID:		1009997 1010000 1010001 1010002 1010003 1010004 1010005
CID:		1331519 1010006 1215097 1010007 1288967 1010008 1306000
CID:		1211924 1010009 1010010 1010011 1010012 1010013 1010014
CID:		1147190 1010017 1010016 1010018 1216435 1010020 1010021
CID:		1010022 1009666 1018185 1010023 1010025 1010026 1010027
CID:		1010028 1010029 1010030 1010031 1010033 1018186 1018187
CID:		1010035 1010036 1010042 1010041 1010040 1010039
Reviewed by:	imp, sephe, slm
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9037
Differential Revision:	https://reviews.freebsd.org/D9038
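
Added example, not code from the commit or from FreeBSD: a user-space C sketch of the failure mode described in 4195c7de, where strncpy fills a 16-character field without writing a terminator, next to one way of guaranteeing termination. The struct is a simplified stand-in for the ccb_pathinq fields named above, and the helper names and the vendor string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VID_LEN 16 /* the 16-character field size named in the commit message */

/* Simplified stand-in for the fixed-length string fields of struct ccb_pathinq. */
struct pathinq_fields {
    char sim_vid[VID_LEN];
    char hba_vid[VID_LEN];
    char dev_name[VID_LEN];
};

/* Length of the string in a fixed field, never reading past the field itself. */
static size_t bounded_len(const char *field, size_t len)
{
    const char *nul = memchr(field, '\0', len);
    return nul ? (size_t)(nul - field) : len;
}

/* Returns 1 if a NUL lies inside the field's bounds, 0 otherwise. */
static int field_is_terminated(const char *field, size_t len)
{
    return memchr(field, '\0', len) != NULL;
}

/* The copy-pasted pattern: no NUL is written when src fills the whole field. */
static void set_vid_unterminated(char *field, const char *src)
{
    strncpy(field, src, VID_LEN);
}

/* One corrected pattern: copy at most VID_LEN - 1 bytes, then always terminate. */
static void set_vid_terminated(char *field, const char *src)
{
    strncpy(field, src, VID_LEN - 1);
    field[VID_LEN - 1] = '\0';
}

int main(void)
{
    struct pathinq_fields cpi;
    const char *long_vid = "Constructed Vendor Name"; /* constructed, longer than the field */

    memset(&cpi, 'X', sizeof(cpi)); /* simulate stale, non-zero memory */
    set_vid_unterminated(cpi.hba_vid, long_vid);
    printf("strncpy only: terminated=%d\n", field_is_terminated(cpi.hba_vid, VID_LEN));
    set_vid_terminated(cpi.hba_vid, long_vid);
    printf("terminated:   \"%.*s\"\n", (int)bounded_len(cpi.hba_vid, VID_LEN), cpi.hba_vid);
    return 0;
}
```

A reader that cannot trust the producer can use the bounded_len approach with a "%.*s" format, as main does, so that it never reads past the field even when the terminator is missing.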
629e066c dim Jan. 4, 2017, 7:53 p.m.
Darwin.
0fc5d238 dim Jan. 4, 2017, 6:54 p.m.
1419873d dim Jan. 4, 2017, 6:53 p.m.
51d027f2 dim Jan. 4, 2017, 6:53 p.m.
e39ff5dd kan Jan. 4, 2017, 6:36 p.m.
4a8c3cd0 asomers Jan. 4, 2017, 6:13 p.m.
The offending code has been dead ever since the import from OpenBSD in
r195805.  OpenBSD later deleted that entire function.

Reported by:	Coverity
CID:		500059
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
640b69be ngie Jan. 4, 2017, 5:54 p.m.
- bridge_pf_dump: use nitems instead of spelling it out longhand
- bridge_do_pfctl: sort variables by alignment for type

MFC after:	1 week
9577c300 ngie Jan. 4, 2017, 5:50 p.m.
This is being done to reduce wasted space, simplify complexity in
the code, and to quell a Coverity warning about buffer overruns.

MFC after:	1 week
Reported by:	Coverity
CID:		1006736
398b756b asomers Jan. 4, 2017, 5:39 p.m.
It's been dead ever since it was imported from TI-RPC in 1995.  The dead
code is still present in Illumos today, but was removed from NetBSD in 2006.

Reported by:	Coverity
CID:		270097
Obtained from:	NetBSD
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
758268dc ngie Jan. 4, 2017, 5:38 p.m.
MFC after:	3 days